(57) Abstract



A computer file verifier for verifying computer files as authentic is provided. The computer
file verifier is implemented on a multi-computer system including one or more peripheral
computers (12), a central computer (10) including secured memory, and an interface
network (16) interconnecting the computers. The peripheral computers (12) are used to create
computer files (24). If a computer file (24) is to be later verified, a peripheral computer (12)
generates a fingerprint of the computer file (24). The fingerprint is then stored in the
secured memory of the central computer (10). To verify the content of the file, the peripheral
computer (12) regenerates the fingerprint and the regenerated fingerprint is compared to the
fingerprint stored on the central computer (10). If the fingerprints match, the content of
the computer file is verified as unaltered. The date and time of creation and the author of
the computer file (24) is preferably stored in the secured memory of the central computer (10)
as well, so that this information can also be verified.






WO 95/15522



PCT/US94/13360 



DIGITAL DATA VERIFICATION SYSTEM 
Field of the Invention 
This invention relates to verifying digital data and, more particularly, verifying 
the authenticity of digital computer files. 
Background of the Invention

Despite the ease with which information can be created and stored on today's
computers, computers are not used in many applications because there is no
acceptable way to verify computer files. For example, in the medical profession
physicians maintain patient records, i.e., charts, using nonerasable pen and paper. The
physician initials and dates each entry made in a patient's chart. Because such entries
cannot be altered without detection, they are considered authentic and therefore
acceptable in judicial proceedings. Another example in which pen and paper records
are principally used is technical and scientific research. Typically, a researcher
maintains a "lab notebook" to track testing and research developments. Each entry is
dated and initialed. These lab notebooks are considered admissible evidence to prove,
for example, a date of invention or reduction to practice. As a result, to date, many
medical, research and other records must be stored in "hard copy" form. Computer
storage has generally been considered unacceptable because, in the past, electronic
files have been too easy to alter without detection.
In the past, computers have been relatively large and cumbersome to use so
that the inability to use computers for such purposes as storing verifiable medical and
research records has not been a very significant problem. However, computers have
become much easier to use and much more portable, and further improvements are
expected in the future. Accordingly, the use of computers in areas where data
authenticity is a requirement is increasingly desirable. Indeed, laptop, notebook and
palmtop computers are now available and are ideal for creating patient charts,
recording research progress, and recording financial data and transactions.

Unfortunately, there are no presently available computer data verification
systems that provide an acceptable indication of authenticity and veracity. There are
techniques to make computer files noneditable, i.e., read-only. For example, many
computer programs include read-only files that contain informational text for the user.
Unfortunately, the read-only security techniques presently available can be easily
defeated. An inherent problem with such systems is that because the read-only
techniques can be easily defeated, the security of each computer storing important
files must be closely monitored so that no one is able to modify the files on the
computer.

What is needed is a simple verification system that verifies the authenticity
(i.e., content, author, and date and time of creation) of computer files. The system
should be inexpensive and should not require closely monitoring the security of the
computers on which the files are created and stored. The present invention fulfills
these and other needs as described in full detail herein.

Summary of the Invention 
In accordance with this invention, a system for verifying computer files as
authentic is provided. The verification system includes a central computer that can be
accessed by a plurality of peripheral computers via an interface network. Users create
computer files via the peripheral computers, e.g., a desktop personal computer, a
laptop computer, a palmtop computer, etc. Methods in accordance with this
invention are performed on the peripheral computers and the central computer to
"fingerprint" a file after it is created. This way the file can be later verified to
determine whether the file has been altered since it was fingerprinted. In particular,
after a user creates a file on a peripheral computer, the user can fingerprint the file for
later verification. To fingerprint a file, the peripheral computer first calculates a
fingerprint using a technique that produces a fingerprint that is unique to the data
contained in the file. The peripheral computer then accesses the central computer and
the central computer stores the file fingerprint. Later, to verify the content of a file
stored on a peripheral computer, the fingerprint of the file is recalculated using the
same technique. The recalculated fingerprint is then compared to the fingerprint
stored on the central computer. If the fingerprints match, the file is verified as
unaltered. On the other hand, if the fingerprints do not match, then one knows that
the file has either been altered or corrupted.

In accordance with further aspects of the invention, when the file is
fingerprinted, the file is also date and time stamped. In particular, the central
computer includes a clock that provides the date and time at which the file is
fingerprinted. The date and time is then stored in the central computer along with the
fingerprint. The date and time is also stored along with the file on the peripheral
computer. Then, when verifying the file, the date and time stored with the file on the
peripheral computer is verified along with the fingerprint by comparing the date and
time with that stored on the central computer.

In accordance with further aspects of the invention, the author of the file must
identify himself before the file is fingerprinted. The central computer then keeps a
record of the author along with the fingerprint and date and time stamp of the file. In
this way, the author of the file can be verified. In one preferred embodiment, the
author identifies himself by entering a previously assigned password. The central
computer verifies the password before fingerprinting and date and time stamping the
file. The fingerprint and date and time stamp are stored in a database assigned
exclusively to the author (i.e., user or subscriber), thereby maintaining a record of the
file's author.

In accordance with further aspects of the invention, the fingerprinting of a file
includes calculating the cyclic redundancy check (CRC) value for the file. In
accordance with still further aspects of the invention, the fingerprint also includes the
size of the file.

In accordance with still further aspects of the invention, the system includes
the ability to store complete files on the central computer by downloading the files
from a peripheral computer. This way, the file can be deleted on the peripheral
computer to free up memory, and then uploaded from the central computer when
needed. Also, if a file on a peripheral computer becomes corrupted, the original file
can be uploaded from the central computer if it was previously stored on the central
computer.

As will be appreciated from the foregoing brief summary, a system for
verifying computer files is provided by this invention. A central computer is used to
store fingerprints of files created on various peripheral computers. To verify the
content of a file as unaltered, the fingerprint of a file stored on a peripheral computer
is recalculated and then compared to the fingerprint stored on the central computer.
If the fingerprints match, the content of the file is verified as unaltered. The system
also includes the ability to date and time stamp files. The date and time stamp is
stored along with the fingerprint on the central computer so that the date and time of
creation of the file can be later verified. The system also includes the ability to record
on the central computer the file's author so that the author of the file can be verified as
well. By tightly maintaining the security of the central computer, the fingerprint,
author, and date and time stamp verification data are preserved. This way, despite lax
security on numerous peripheral computers, computer files created on the peripheral
computer can be later verified. In other words, a high security of data on numerous
computers is achieved by simply maintaining the security of a single computer,
namely, the central computer. As a result, a relatively low cost system for verifying
the authenticity (i.e., content, author, and date and time of creation) of computer files
is provided. It will be further appreciated that the invention also allows the
downloading of files from a peripheral computer to the central computer so that the
central computer can store a file for later retrieval (i.e., uploading) in case the file is
either deleted or corrupted on one of the peripheral computers. As a result,
computers can be used to create records required to have a high level of authenticity
and veracity such as patient medical records, research laboratory records, and
financial records.

Brief Description of the Drawings 
The foregoing aspects and many of the attendant advantages of this invention
will become more readily appreciated as the same becomes better understood by
reference to the following detailed description, when taken in conjunction with the
accompanying drawings, wherein:

FIGURE 1 is a system block diagram of a multi-computer system structured in
accordance with the present invention;

FIGURE 2A is a block diagram illustrating the types of files, including
document files, stored on a peripheral computer in accordance with the invention, and
FIGURE 2B shows a document file in more detail;

FIGURE 3A is a block diagram illustrating the types of files, including
subscriber databases, stored on a central computer in accordance with the invention,
and FIGURE 3B shows a subscriber database in more detail;

FIGURES 4A-4D show a composite flow diagram illustrating in part how the
invention operates; and

FIGURE 5 contains a flow diagram illustrating in part the operation of a
peripheral computer in accordance with the invention.

Detailed Description of the Preferred Embodiment 
FIGURE 1 is a system block diagram of multiple computers configured and
interconnected in accordance with the invention. The verification system includes a
central computer 10, multiple peripheral computers 12, and a universal time clock
(UTC) 14, all interconnected via an interface network 16. The peripheral
computers 12 are computers on which computer files are created by an author (i.e.,
user or subscriber of the verification system). The peripheral computers 12 can take
many forms, including personal computers such as desktop computers, laptop
computers, notebook computers, or palmtop computers. In accordance with the
invention, after a file is created on a peripheral computer 12, the file can be
"fingerprinted," so that the content of the file can be verified as unaltered at a later
time. In particular, the peripheral computer uses a particular technique to generate a
fingerprint that is unique to the particular data stored in the file. The peripheral
computer 12 then accesses the central computer 10 via the interface network 16 and
the fingerprint is stored on the central computer. When verification of the file is
needed, the peripheral computer recalculates the fingerprint using the same technique,
and the recalculated fingerprint is then compared to the fingerprint stored on the
central computer. If the fingerprints match, the file content is verified as unaltered
since the file was fingerprinted.

The verification system provided by the invention could be offered by a
verification service company. For example, the service company would have the
central computer 10 and would provide software for various users or subscribers for
use on their own computers, i.e., peripheral computers 12. The peripheral computers
would access the central computer 10 via the interface network 16. For example, the
interface network could include modems on each of the peripheral computers, a
modem on the central computer, and a telephone network to interconnect the
modems. The interface network 16 could also be a commonly used wide area
network. The verification service company would tightly monitor the security of the
central computer 10 so as to maintain the veracity of file fingerprints stored on the
central computer 10. Alternatively, a business having many computers could
implement the data verification system shown in FIGURE 1 in-house. The peripheral
computers 12 would be computers used throughout the business, and the central
computer 10 would be a computer for verifying the files on the peripheral computers.
The interface network 16 could then be some form of local area network.

In addition to fingerprinting files created on the peripheral computers 12, the
central computer 10 preferably date and time stamps each file. This way, the date and
time of creation, as well as the content of a file can be later verified. The central
computer accurately and robustly tracks the date and time so that files can be properly
date and time stamped. In one preferred embodiment, the central computer includes
an internal clock and a battery backup as is commonly available in today's computers.
The central computer 10 periodically updates its internal clock by comparing its time
with the universal time clock 14, which maintains, for example, Greenwich mean time.

Preferably, the author of a file cannot gain access to the central computer 10
to have a file fingerprinted and date and time stamped unless the author properly
identifies himself. The central computer verifies that the author is a user or subscriber
of the verification system and then maintains a record of the author along with the file
fingerprint and date and time stamp. In this way, the author of the file can be later
verified. In one preferred embodiment, this is accomplished by assigning a unique
password to each user or subscriber. The user must correctly enter the password to
gain access to the central computer 10. The central computer 10 stores a subscriber
database for each user. When a file is fingerprinted and date and time stamped for a
particular user identified by their password, the file fingerprint and date and time
stamp is stored in the subscriber database assigned to that user. As a result, the file's
author is recorded, namely, the user associated with the subscriber database.

The central computer also preferably has the ability to store copies of files
created on the peripheral computers 12. In particular, a peripheral computer 12 can
download a copy of a file to the central computer 10 via the interface network 16.
This way, if a file is deleted from a peripheral computer or if a file on the peripheral
computer is altered or corrupted, the copy can be uploaded from the central
computer 10.

FIGURES 2 and 3 illustrate the type of files stored on the peripheral
computers 12 and the central computer 10. The peripheral computer 12 includes
memory 18 that can be formed of any presently available memory or storage devices,
e.g., random access memory (RAM), disc drives, laser discs, etc. As shown in
FIGURE 2A, the memory 18 stores, among other things, document files 22 and a
program 20 referred to as the Digital Data Verifier Peripheral (DDVP). The DDVP
program 20 is programmed according to the invention to work in conjunction with the
central computer to provide verification of user created documents. A document
file 22 is created by the verification system upon fingerprinting a user created
document 24 by appending a document activity log (DAL) 28 to the user created
document 24. A document file 22 is shown in greater detail in FIGURE 2B. The
document 24 is the computer file created by the user to contain the data 27, and the
document activity log 28 contains file identification information 25 assigned to the
document 24 and an ongoing record of activity 26 performed on the document file 22.

Upon creation by the verification system, the document files 22 are preferably
stored in a section of the memory 18 that is configured to be noneditable, i.e., a
nonedit archive 30. The nonedit archive provides a first level of security against file
tampering and, just as importantly, prevents a user from inadvertently altering a
fingerprinted file. The nonedit archive can be formed using techniques presently well
known in the computer arts area. Unfortunately, the nonedit attribute of the
archive 30 formed with present techniques can be easily defeated by persons highly
skilled in computers, so that storing files in the nonedit archive 30 does not provide a
sufficient level of file verification. Accordingly, in accordance with the present
invention, a fingerprint for each document is stored on the central computer 10 — the
security of which is highly maintained — to provide an acceptable level of file
verification.

FIGURE 3A shows the usage of memory 32 included in the central
computer 10. The memory 32 can be formed of any presently available memory or
storage devices. A portion of the memory 32 is used to store a program 34 referred
to as the Digital Data Verifier Central (DDVC), which is programmed in accordance
with the invention to provide file verification in conjunction with the DDVP
program 20. Another portion 36 of the memory 32 stores subscriber databases 38,
one for each subscriber or user. The composition of a subscriber database 38 is
shown in greater detail in FIGURE 3B. As shown, a subscriber database 38 includes
an account log 40 that stores subscriber information and a record of system usage,
which can be used, for example, for purposes of billing the subscriber. A subscriber
database 38 also includes document data 42 and downloaded documents 44. The
document data 42 includes a document record 46 for each user created document 24
entered into the verification system, i.e., a document record 46 for each document
file 22. The document records 46 include file fingerprints, date and time stamps, as
well as other data as described in detail hereinafter. The downloaded documents 44
include copies 48 of selected document files 22 stored on a peripheral computer 12.

The operation of the DDVP program 20 and the DDVC program 34 is
illustrated by the flow diagrams shown in FIGURES 4A-4D and FIGURE 5. In
particular, FIGURE 5 illustrates a portion of the steps of the DDVP program 20
performed on a peripheral computer, and FIGURES 4A-4D illustrate steps performed
by the combination of the DDVC program 34 and the DDVP program 20,
respectively on the central computer and a peripheral computer. As seen for example
in FIGURE 4A, the flow diagrams shown include oval blocks, such as the block 50,
that indicate the start and end of a program; rectangular blocks, such as the block 54,
that illustrate an operational step; diamond blocks, such as the decision diamond 52,
that indicate a decision step that determines which subsequent steps are performed;
and eight-sided blocks, such as the page connector 58, which indicate that program
flow is returning from or going to a portion of a flow diagram illustrated in another
figure.

FIGURE 5 illustrates the high level operation of the DDVP program 20 on a
peripheral computer. When a user wants to perform one of the functions provided by
the verification system, the DDVP program 20 is started at the block 160. The
program first determines whether or not the DDVP software has been installed, as
indicated by the decision diamond 162. If the software has not been installed, it is
installed as indicated by the block 164 and then the nonedit archive 30 shown in
FIGURE 2A is established, as indicated by the block 166. If the DDVP software is
already installed, or after installing the software as indicated by the blocks 164 and
166, program control continues at the decision diamond 168, where a determination is
made whether the user wants to review a previously fingerprinted (FP'ed)
document 24, i.e., review a document file 22.

If the user does not wish to review a previously fingerprinted document, a
determination is then made at the decision diamond 170 to query whether the user
wants to fingerprint a new document or verify, download or upload a previously
fingerprinted document. If the user chooses to fingerprint a new document, the user
first selects the document 24 to be fingerprinted, as indicated at the block 172. The
DDVP program then copies the selected document 24 to the nonedit archive 30,
establishes a document ID number, and attaches a document activity log 28 to the
document 24, so as to create a document file 22, as indicated at the block 174. Next,
the peripheral computer 12 contacts the central computer 10 via the interface
network 16, as indicated at the block 176. Program control then continues in
FIGURE 4A, as indicated by the page connector 178, to fingerprint (and date and
time stamp) the file, as hereinafter described. If, at the decision diamond 170, the user
instead chooses to verify, upload or download a previously fingerprinted document,
the step at the block 180 is performed to allow the user to select the desired
document file 22 by entering the file's identification number. Thereafter, contact is
established with the central computer (indicated at the block 176), and program
control continues in FIGURE 4A (indicated by the page connector 178) to verify,
upload or download the selected file, as hereinafter described.

If, at the decision diamond 168, the user requests to review a document
file 22, the steps 182, 184, and 186 are performed. First, the user selects the
identification number ID# of the document file 22 they want to review, as indicated at
the block 182. The user is then able to review the document file 22 on a computer
screen of the peripheral computer and/or print the document file 22, as indicated by
the block 184. This activity is recorded in the document activity log 28 of the
document file 22, as indicated by the block 186. The user is then given the option to
exit the DDVP program, as indicated by the decision diamond 188. If the user
decides to exit the DDVP program, the program is terminated at the block 190. On
the other hand, if the user does not wish to terminate the DDVP program, program
control loops back to the decision diamond 168, where the user is again given the
choice to review a fingerprinted document.

The starting of the DDVC program 34 on the central computer 10 begins at
the block 50, as shown in FIGURE 4A. Operation begins with the steps 52, 54, and
56 to maintain the clock on the central computer and to determine whether a new user
has come on line. At the decision diamond 52, a determination is made as to whether
the central computer clock should be recalibrated. As shown, preferably, the clock is
recalibrated every midnight, and whenever a power interruption, system
reinitialization, or system tampering occurs. If recalibration is needed, the clock is
recalibrated as indicated by the block 54. In one preferred embodiment, the clock is
calibrated by contacting a universal time clock 14 via the interface network 16, as
shown in FIGURE 1. The universal time clock 14 preferably maintains Greenwich
mean time (GMT). After recalibrating the clock, the step at the decision diamond 52
is again performed. Unless some intervening event has occurred, the clock will not
need recalibrating and program control will continue at the decision diamond 56.
Similarly, if upon first execution of the step 52, the clock does not need recalibrating,
program flow continues at the decision diamond 56.

At the decision diamond 56, a determination is made as to whether a user at a
peripheral computer has just come on line, i.e., has established contact with the
central computer. A user coming on line is illustrated in FIGURE 4A by the page
connector 58, which is reached from the previously described steps shown in
FIGURE 5, in particular, from the page connector 178. If a determination is made
that a new user is not on line, program control loops back to the decision diamond 52
to again determine whether the clock needs to be recalibrated and then to determine
whether a new user has come on line. This sequence repeats until a new user comes
on line. When a new user comes on line, the hereinafter described log-in steps
indicated by the blocks 60-76 are performed. Concurrently, program control loops
back to the decision diamond 52 to again determine whether the clock needs to be
recalibrated and then to determine whether another user has come on line. In this
manner, the central computer can support several users concurrently. The concurrent
operation can be accomplished by either time sharing a single processor of the central
computer or by using multiple processors in parallel, or by other techniques currently
known by those skilled in the computer art area.

When at the decision diamond 56 a determination is made that a new user is
on line, the log-in steps 60-76 are performed. First, as indicated by the decision
diamond 60, a determination is made as to whether the peripheral computer has
successfully connected to the central computer. This determination mainly involves
determining whether the connection between the peripheral computer 12 and the
central computer 10, via the interface network 16, is proper. For example, if the
interface network includes modems and a telephone network, the test would include
determining whether the modem types and settings are compatible. If the connection
is not valid, the user is logged off at the block 78 in FIGURE 4B, which is reached
through the page connector 62 in FIGURE 4A and the page connector 80 in
FIGURE 4B. If, on the other hand, the connection between the peripheral computer
and central computer is satisfactory, the central computer determines whether correct
DDVP software, registered to a valid user, is installed on the peripheral computer, as
indicated by the decision diamond 64. If the DDVP software is not correct, e.g., an
incorrect version, or if the software is not registered to a valid user, a message
indicating such is sent to the peripheral computer, as indicated at the block 66, and
then the user is logged off at the block 78, which is reached through the page
connectors 62 and 80.

On the other hand, if the DDVP software is determined to be proper at the
decision diamond 64, the user password is then checked by steps 68-74. The user is
given three chances to correctly enter their password. First, at the block 68, a counter
#TRIES is set to zero. After the user enters their password, the central computer
determines whether the password is correct, as indicated at the decision diamond 70.
If the password is not correct, the central computer increments the counter #TRIES,
as indicated at the block 72. If the counter #TRIES is not yet equal to three, as
determined at the decision diamond 74, then the user is allowed to reenter their
password and the password is again checked at the decision diamond 70. If the user
is not able to enter their password correctly within three tries, the counter #TRIES
reaches three and the determination at the decision diamond 74 causes program
control to go to the block 76. At the block 76, a message is sent to the peripheral
computer to inform the user of the incorrect password. The user is then logged off at
the block 78, reached through the page connectors 62 and 80.

If the user is able to successfully enter their password, program control flows
from the decision diamond 70 to FIGURE 4B as indicated by the page connectors 82
and 84, respectively in FIGURE 4A and FIGURE 4B. In FIGURE 4B, a
determination is first made at the decision diamond 86 as to whether the user wants to
fingerprint or verify a document. If the user requested to fingerprint or verify a
document, the hereinafter described steps shown in FIGURE 4C are performed, as
indicated by the page connector 88. On the other hand, if the user does not want to
fingerprint or verify a document, the hereinafter described steps shown in
FIGURE 4D are performed to either download or upload a document, as indicated by
the page connector 90. After either performing the steps shown in FIGURE 4C or
the steps shown in FIGURE 4D, program control returns to FIGURE 4B to execute
the step at the decision diamond 92, where a determination is made as to whether the
user wants to terminate communication with the central computer. If the user does
not want to terminate communication, program control loops back through the
blocks 170', 172' and 174' or 170' and 180' to the decision diamond 86 to again
determine whether the user wants to fingerprint or verify a file or download or upload
a file. The steps 170', 172', 174' and 180' are identical to the steps 170, 172, 174 and
180, shown in FIGURE 5. As described with reference to FIGURE 5, these steps
allow the user to select a file for fingerprinting or for verifying, uploading or
downloading. If, on the other hand, a determination is made at the decision
diamond 92 that the user wants to end communication, the user activity, e.g., the user
connect time, is stored in the account log 40 of the subscriber database 38 shown in
FIGURE 3B (indicated at the block 94). The user is then logged off at the block 78
and the DDVP program control returns to FIGURE 5, as indicated by the page
connector 95. The DDVP program continues from the page connector 179 in
FIGURE 5 to the step at the decision diamond 188, where the user is given the option
of either terminating the DDVP program or performing further activity, as previously
described.

In FIGURE 4B, when a determination is made at the decision diamond 86 that
a user wants to fingerprint (FP) or verify a document, the steps shown in FIGURE 4C
are performed. In particular, to fingerprint (and date and time stamp) a file, the
steps 98 and 100 flowing from the page connector 96 are performed. At the
block 98, the peripheral computer determines a fingerprint for a user selected
document 24 using a preselected technique that produces a fingerprint unique to the
content of the document. It will be recalled that the user selects the document to be
fingerprinted at the block 172 in FIGURE 5 (or at the block 172' in FIGURE 4B). In
one particular embodiment, the fingerprint calculated at the block 98 in FIGURE 4C
includes the cyclic redundancy check (CRC) value of the file. The algorithm for
calculating the CRC value of a file is well known in the computer art and is commonly
used for data communication. The fingerprint may also include the size of the
document, as indicated in the block 98.

Next, as indicated at the block 100, the fingerprint and other information are
stored in the subscriber database 38 assigned to the user. In particular, a document
record 46 as shown in FIGURE 3B is created. The fingerprint of the document,
including the document's CRC and size in one preferred embodiment, is stored in this
record. The present date and time is also determined by reference to the clock on the
central computer, and this date and time is stored in the document record 46 so as to
date and time stamp the document. The identification number ID# established by the
step at the block 174 in FIGURE 5 (or at the block 174' in FIGURE 4B) is also stored
in the document record 46 to identify the record. As the block 100 indicates, the
peripheral computer stores the document CRC, the document's size, and the date and
time in the document activity log 28 of the document file 24, as shown in
FIGURE 2B. After performing the step 100, fingerprinting and date and time
stamping of the file is complete, and program control returns via the page
connector 102 to FIGURE 4B at the page connector 88.

After a user has fingerprinted one or more files, the user can then verify the
file at a later point in time. To verify a file, the steps 106-118 after the page
connector 104 in FIGURE 4C are performed. First, as indicated at the block 106, the
central computer searches the user's subscriber database 38 for the document selected
by the user (at the block 180 in FIGURE 5 or at the block 180' in FIGURE 4B) and
retrieves the information recorded in the corresponding document record 46. The
peripheral computer then recalculates the CRC and size of the document 24 archived
on the peripheral computer, as indicated by the block 108. The peripheral computer
also retrieves the date and time stamp stored in the document activity log 28 attached
to the document 24. The central computer then compares the CRC, file size, and date
and time stamp determined by the peripheral computer to the corresponding
verification data stored in the subscriber database 38 on the central computer, as
indicated at the block 110. At the decision diamond 112, a query is then made as to
whether the verification data match. If the data match, the document 24 is valid
(i.e., verified) and this determination is recorded in the document activity log 28 on the
peripheral computer and in the document record 46 in the subscriber database 38 on
the central computer, as indicated by the block 114. Thereafter, program control is
returned via the page connector 102 to FIGURE 4B at the page connector 88.

If, however, at the decision diamond 112 in FIGURE 4C, a determination is
made that the verification data do not match, the document 24 is invalid and a
corresponding error message is logged in the document activity log 28 on the
peripheral computer and in the document record 46 in the subscriber database on the
central computer, as indicated at the block 116. Thereafter, at the decision
diamond 118, the user is given the option to retry file verification. If the user requests
to retry verification, program control loops back to the block 106 to repeat the
verification process. If, on the other hand, the user does not want to retry
verification, program control returns via the page connector 102 to FIGURE 4B at
the page connector 88.
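The fingerprint and verify flow of FIGURE 4C (blocks 98 through 116) written out in Python; this is an added example, not code from the patent. The class and function names, the dictionary-backed record store and the use of zlib's CRC-32 as the CRC are assumptions made for illustration.

```python
# Added illustration; all names are hypothetical and do not come from the patent.
import zlib
from dataclasses import dataclass, field
from datetime import datetime, timezone


def fingerprint(content: bytes):
    """Block 98: the fingerprint is the file's CRC value plus its size."""
    return zlib.crc32(content) & 0xFFFFFFFF, len(content)


@dataclass
class DocumentRecord:
    """Stand-in for the document record 46 held on the central computer."""
    crc: int
    size: int
    stamp: str
    history: list = field(default_factory=list)


class CentralComputer:
    """One record per (user, document ID); assumed to live in the secured memory."""

    def __init__(self, clock=lambda: datetime.now(timezone.utc)):
        self._clock = clock
        self._records = {}

    def register(self, user, doc_id, crc, size):
        """Block 100: store the fingerprint, stamped from the central clock."""
        stamp = self._clock().isoformat()
        self._records[(user, doc_id)] = DocumentRecord(crc, size, stamp)
        return stamp

    def verify(self, user, doc_id, crc, size, stamp):
        """Blocks 106-116: compare the peripheral's values with the stored record."""
        record = self._records.get((user, doc_id))
        if record is None:
            return False
        ok = (crc, size, stamp) == (record.crc, record.size, record.stamp)
        record.history.append("verified" if ok else "verification failed")
        return ok


class PeripheralDocument:
    """A document file 24 with its attached document activity log 28."""

    def __init__(self, doc_id, content):
        self.doc_id = doc_id
        self.content = content
        self.activity_log = {}

    def fingerprint_with(self, central, user):
        crc, size = fingerprint(self.content)
        stamp = central.register(user, self.doc_id, crc, size)
        self.activity_log = {"crc": crc, "size": size, "stamp": stamp, "events": []}

    def verify_with(self, central, user):
        # Block 108: CRC and size are recalculated from the content, never read
        # back from the local log; only the date and time stamp comes from the log.
        crc, size = fingerprint(self.content)
        stamp = self.activity_log.get("stamp")
        ok = central.verify(user, self.doc_id, crc, size, stamp)
        self.activity_log.setdefault("events", []).append("verified" if ok else "invalid")
        return ok


def run_demo():
    """Constructed sample: one document checked intact, edited, then back-dated."""
    fixed_clock = lambda: datetime(1994, 11, 21, 9, 30, tzinfo=timezone.utc)
    central = CentralComputer(clock=fixed_clock)
    doc = PeripheralDocument("ID-0001", b"Payment due: 1,000 USD\n")
    doc.fingerprint_with(central, "alice")
    intact = doc.verify_with(central, "alice")
    doc.content = b"Payment due: 9,000 USD\n"        # same size, different content
    edited = doc.verify_with(central, "alice")
    doc.content = b"Payment due: 1,000 USD\n"        # content restored
    doc.activity_log["stamp"] = "1993-01-01T00:00:00+00:00"  # local log back-dated
    backdated = doc.verify_with(central, "alice")
    return intact, edited, backdated
```

The date and time stamp is the only value taken from the peripheral's own log, so a change to that log shows up as a mismatch against the centrally stored stamp.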

To download or upload a previously fingerprinted file, the steps shown in
FIGURE 4D are performed. To download a file from a peripheral computer to the
central computer, the steps beginning at the page connector 120 are performed. First,
the document file 22 selected by the user (at the block 180 in FIGURE 5 or at the
block 180' in FIGURE 4B) is downloaded from the peripheral computer to the user's
subscriber database 38 on the central computer, as indicated at the block 122. Next,
the downloaded document file 48 is checked at the blocks 124, 126 and 128 to
determine whether the downloading was successful, i.e., error free. In particular, the
file size and CRC of the downloaded document file 48 is calculated by the central
computer at the block 124. The calculated data are then compared to the CRC and
file size in the document activity log 28 on the peripheral computer, as indicated at the
block 126. At the decision diamond 128, a determination is made as to whether the
data match. If the data do not match, the file downloading was unsuccessful. In this
case, the downloaded document file 48 is deleted from the subscriber database 38 and
an error message is sent at the block 132 to inform the user that the downloading was
unsuccessful. The user is then given the opportunity to retry the downloading, as
indicated at the decision diamond 134. If the user decides not to retry downloading,
program control is returned via the page connector 136 to FIGURE 4B at the page
connector 90. On the other hand, if the user wants to retry downloading, program
control loops back to the block 122 to repeat the downloading process.

If, at the decision diamond 128, a determination is made that the CRCs and
file sizes match, the file downloading was successful (i.e., error free). Then, at the
blocks 127 and 129, the downloaded document file 48 is verified to ensure that the
downloaded document is identical to the document that was earlier fingerprinted (and
date and time stamped). This ensures that only valid (i.e., verified) documents are
downloaded and stored on the central computer. At the block 127, the CRC, file size,
and date and time in the downloaded document file 48 are compared to the
corresponding data in the document record 46 generated when the file was
fingerprinted. If the verification data do not match (determined at the decision
diamond 129), the document file 48 is deleted from the subscriber database and an
error message is sent, as indicated at the block 132. The user is then given a chance
to retry downloading at the decision diamond 134, as previously described. If, on the
other hand, the verification data match, the downloaded file is valid and this result is
recorded in the document activity log 28 on the peripheral computer and in the
document record 46 in the subscriber database 38 on the central computer, as
indicated at the block 130. Program control then returns via the page connector 136
to FIGURE 4B at the page connector 90.

To upload a file from the central computer to a peripheral computer, the steps
beginning at the page connector 136 in FIGURE 4D are performed. First, the central
computer searches the user's subscriber database 38 for the requested document
(selected at the block 180 in FIGURE 5 or at the block 180' in FIGURE 4B), and
uploads the document file 48 to the peripheral computer, as indicated at the
block 138. The uploaded document is then verified by comparing its CRC and size to
that stored on the central computer. In particular, the file size and CRC of the
uploaded document are calculated by the peripheral computer, as indicated at the
block 140. The central computer then compares the file size and CRC calculated by
the peripheral computer to the file size and CRC stored in the subscriber database 36
on the central computer, as indicated by the block 142. At the decision diamond 146,
a determination is made as to whether the data match. If the data match, a record of
the successful uploading is recorded in the document record 46 in the subscriber
database 38 on the central computer and in the document activity log 24 on the
peripheral computer, as indicated at the block 148. Program control then returns via
the page connector 136 to FIGURE 4B at the page connector 90.

If, on the other hand, at the decision diamond 146 a determination is made
that the CRCs and file sizes do not match, an error message is sent to inform the user
of this at the block 150 and the uploaded document is deleted from the peripheral
computer. The user is then given the chance to retry uploading of the file, as
indicated by the decision diamond 152. If the user decides to retry uploading,
program control loops back to the block 138 to restart uploading of the file. If, on
the other hand, the user decides not to reattempt uploading of the file, program
control returns via the page connector 136 to FIGURE 4B at the page connector 90.

While the presently preferred embodiment of the invention has been illustrated
and described, it will be appreciated that various changes can be made therein without
departing from the spirit and scope of the invention. For example, while the
fingerprint of a file was described as the CRC and size of the file, various other
techniques could be used to uniquely identify the content of the file. Furthermore,
while the fingerprint was said to be stored on both the peripheral and central
computer, it may be more desirable not to store the fingerprint on the peripheral
computer so that a user does not have access to this information. This would further
reduce the risk of someone defeating the verification system. Furthermore, while the
system has been entitled a digital verification system, it will be readily recognized by
those skilled in the electronics art that the system could verify data stored in other
forms, such as analog form. Thus, it will be understood that within the scope of the
appended claims, various changes can be made in the specifically disclosed
embodiments of the invention.

The embodiments of the invention in which an exclusive property or privilege
is claimed are defined as follows:

1. A method of verifying computer files, including the steps of: 

(a) generating a fingerprint of a computer file that is to be verified 
at a later time, said fingerprint being generated by a preselected technique such that 
said fingerprint is uniquely dictated by contents of said computer file; 

(b) storing said fingerprint in a secured memory; and 

(c) when verification of said computer file is desired: 

(i) re-generating a fingerprint of said computer file using
said preselected technique;

(ii) comparing said regenerated fingerprint to said stored
fingerprint; and

(iii) if said regenerated fingerprint is the same as said stored
fingerprint, then providing an indication that said computer file has not been altered or
corrupted since generating said stored fingerprint, otherwise providing an indication
that said computer file has been altered or corrupted since generating said stored
fingerprint.

2. The method of claim 1, wherein said secured memory that stores said
fingerprint is part of a central computer, and wherein said step of generating a
fingerprint is performed by a peripheral computer interconnected to said central
computer.

3. The method of claim 2, said method including verifying the date and
time of creation of said computer file by performing steps including:

determining a date and time to assign to said computer file, said date and time
indicative of when said computer file was created;

storing said date and time along with said stored fingerprint in said secured
memory of said central computer; and

when verifying said computer file, reviewing said date and time stored in said
secured memory.

4. The method of claim 3, wherein data is stored in said computer file in a
digital format, further wherein said preselected technique of generating computer file
fingerprints includes calculating the cyclic redundancy check value of a computer file,
so that said stored fingerprint and said regenerated fingerprint include cyclic
redundancy check values.

5. The method of claim 4, wherein the user of said peripheral computer
initiating said method must first identify himself, further wherein said fingerprint is
stored in said secured memory in such a way that said user can be determined when
said verification of said computer file is desired, so that the author of said computer
file can be verified.

6. The method of claim 5, including the optional step of storing a copy of
said computer file in said secured memory, so that if said computer file is deleted,
altered or corrupted, said copy of said computer file can be retrieved from said
secured memory.

7. The method of claim 3, wherein the user of said peripheral computer
initiating said method must first identify himself, further wherein said fingerprint is
stored in said secured memory in such a way that said user can be determined when
said verification of said computer file is desired, so that the author of said computer
file can be verified.

8. The method of claim 2, wherein data is stored in said computer file in a
digital format, further wherein said preselected technique of generating computer file
fingerprints includes calculating the cyclic redundancy check value of a computer file,
so that said stored fingerprint and said regenerated fingerprint include cyclic
redundancy check values.

9. The method of claim 2, wherein the user of said peripheral computer
initiating said method must first identify himself, further wherein said fingerprint is
stored in said secured memory in such a way that said user can be determined when
said verification of said computer file is desired, so that the author of said computer
file can be verified.

10. The method of claim 1, wherein data is stored in said computer file in a
digital format, further wherein said preselected technique of generating computer file
fingerprints includes calculating the cyclic redundancy check value of a computer file,
so that said stored fingerprint and said regenerated fingerprint include cyclic
redundancy check values.

11. The method of claim 10, wherein said preselected technique of
generating computer file fingerprints further includes calculating the size of a
computer file, so that said stored fingerprint and said regenerated fingerprint include
file sizes.

12. The method of claim 1, said method including verifying the date and
time of creation of said computer file by performing steps including:

determining a date and time to assign to said computer file, said date and time
indicative of when said computer file was created;

storing said date and time along with said stored fingerprint in said secured
memory of said central computer; and

when verifying said computer file, reviewing said date and time stored in said
secured memory.

13. A method of verifying the date and time of creation of computer files,
said method including the steps of:

(a) determining a date and time to assign to a computer file that is
to be verified at a later time, said date and time indicative of when said computer file
was created;

(b) storing said date and time in a secured memory; and

(c) when verification of the date and time of creation of said
computer file is desired, reviewing said date and time stored in said secured memory.

14. The method of claim 13, wherein said date and time stored in said
secured memory is also added to said computer file, and said reviewing of said date
and time includes:

comparing said date and time stored in said secured memory and the date and
time contained in said computer file; and

if said date and time stored in said secured memory and said date and time
contained in said computer file are the same, then providing an indication that said
date and time contained in said computer file is a valid indication of when said
computer file was created, otherwise providing an indication that said date and time
contained in said computer file is invalid.

15. The method of claim 14, wherein said secured memory is part of a
central computer, and wherein said step of adding said date and time to said computer
file is performed by a peripheral computer interconnected to said central computer.

16. The method of claim 15, wherein the user of said peripheral computer
initiating said method must first identify himself, further wherein said date and time is
stored in said secured memory in such a way that said user can be determined when
said verification of the date and time of creation of said computer file is desired, so
that the author of said computer file can be verified.

17. A computer file verifier for a multi-computer system including at least
one peripheral computer, a central computer including secured memory, and an
interface network interconnecting said at least one peripheral computer and said
central computer, said computer file verifier comprising:

(a) a central computer program for execution on said central
computer;

(b) a peripheral computer program for execution on said at least
one peripheral computer, said central computer program and said peripheral computer
program verifying computer files by performing the steps of:

(1) causing said peripheral computer to generate a
fingerprint of a computer file that is to be verified at a later time, said fingerprint being
generated by a preselected technique such that said fingerprint is uniquely dictated by
contents of said computer file;

(2) causing said central computer to store said fingerprint
in said secured memory of said central computer; and

(3) when verification of said computer file is desired:

(i) causing said peripheral computer to regenerate a
fingerprint of said computer file using said preselected technique;

(ii) causing said central computer to compare said
regenerated fingerprint to said stored fingerprint; and

(iii) if said regenerated fingerprint is the same as said
stored fingerprint, causing said central computer to provide an indication that said
computer file has not been altered or corrupted since generating said stored
fingerprint, otherwise causing said central computer to provide an indication that said
computer file has been altered or corrupted since generating said stored fingerprint.

18. The computer file verifier of claim 17, wherein said central computer
program and said peripheral computer program also verify the date and time of
creation of said computer file by performing the steps of:

causing said central computer to determine a date and time to assign to said
computer file, said date and time indicative of when said computer file was created;

causing said central computer to store said date and time along with said
stored fingerprint in said secured memory; and

when verifying said computer file, causing said central computer to review
said date and time stored in said secured memory.

19. The computer file verifier of claim 18, wherein the user of said at least
one peripheral computer initiating said peripheral computer program must first
identify himself, further wherein said central computer program causes said central
computer to store said fingerprint in said secured memory in such a way that said user
can be determined when said verification of said computer file is desired, so that the
author of said computer file can be verified.

20. The computer file verifier of claim 19, wherein said central computer
optionally causes said central computer to store a copy of said computer file in said
secured memory of said central computer, so that if said computer file is deleted,
altered or corrupted, said copy of said computer file can be retrieved from said
secured memory.

21. The method of claim 17, wherein data is stored in said computer file in
a digital format, further wherein said preselected technique of generating computer
file fingerprints includes calculating the cyclic redundancy check value of a computer
file, so that said stored fingerprint and said regenerated fingerprint include cyclic
redundancy check values.

22. The method of claim 21, wherein said preselected technique of
generating computer file fingerprints further includes calculating the size of a
computer file, so that said stored fingerprint and said regenerated fingerprint include
file sizes.

23. The computer file verifier of claim 17, wherein the user of said at least
one peripheral computer initiating said peripheral computer program must first
identify himself, further wherein said central computer program causes said central
computer to store said fingerprint in said secured memory in such a way that said user
can be determined when said verification of said computer file is desired, so that the
author of said computer file can be verified.

24. A computer file date and time verifier for a multi-computer system
including at least one peripheral computer, a central computer including secured
memory, and an interface network interconnecting said at least one peripheral
computer and said central computer, said computer file verifier comprising:

(a) a central computer program for execution on said central
computer; and

(b) a peripheral computer program for execution on said at least
one peripheral computer, said central computer program and said peripheral computer
program verifying the date and time of creation of computer files by performing the
steps of:

(1) causing said peripheral computer to call said central
computer to initiate date and time stamping of a computer file that is to be verified at
a later time;

(2) causing said central computer to determine a date and
time to assign to said computer file, said date and time indicative of when said
computer file was created;

(3) causing said central computer to store said date and
time in said secured memory; and

(4) when verification of the date and time of creation of
said computer file is desired, causing said central computer to review said date and
time stored in said secured memory.

25. The computer file date and time verifier of claim 24, wherein said
peripheral computer program causes said peripheral computer to add said date and
time stored in said secured memory to said computer file, and said step of causing said
central computer to review said date and time in said secured memory comprises:

causing said central computer to compare said date and time stored in said
secured memory and the date and time contained in said computer file; and

if said date and time stored in said secured memory and said date and time
contained in said computer file are the same, then causing said central computer to
provide an indication that said date and time contained in said computer file is a valid
indication of when said computer file was created, otherwise causing said central
computer to provide an indication that said date and time contained in said computer
file is invalid.

26. The computer file date and time verifier of claim 25, wherein the user
of said at least one peripheral computer initiating said peripheral computer program
must first identify himself, further wherein said central computer program causes said
central computer to store said date and time in said secured memory in such a way
that said user can be determined when said verification of the date and time of
creation of said computer file is desired, so that the author of said computer file can
be verified.